8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
DETAILED ACTION 

1. Claims 1-30 have been examined. 

Claim Objections 

2. Claim 22 is objected to because of the following informalities: the claim is incomplete. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

4. Claims 1-30 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. 

5. Claims 1 and 20 are directed to an intrusion detection method/system. The examiner 
respectfully asserts that the claimed method/system does not fall within the statutory classes 
listed in 35 USC 101. Thus, while the claimed invention may be labeled as a method/system it is 
in fact functional descriptive material (i.e., computer program, see specification page 16, line 15- 
page 17, line 5). Claims 1 and 20 are rejected as being functional descriptive material (i.e., 
computer program). Claims 2-19 and 21-29 depend on claims 1 and 20 and are rejected under 
the same rationale. 

6. Claim 30 is directed to a computer program product for detecting intrusion. The 
examiner respectfully asserts that the claimed program product does not fall within the statutory 
classes listed in 35 USC 101. Thus, while the claimed invention may be labeled as a computer 
program product, the computer-readable storage medium is a data signal (see specification 
page 17, lines 2-5). Claim 30 is rejected as being signal. 

Application/Control Number: 10/092,179 

Art Unit: 2135 



Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

8. Claims 1, 3-11, 13-19 and 30 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Vaidya US Patent 6,279,113 B1. 



9. As per claims 1 and 30, Vaidya teaches a method for detecting intrusion on a network, 
comprising: 

storing signature profiles identifying patterns associated with network intrusion in a 
signature database [column 3, lines 27-38 and column 6, lines 35-42]; 

generating classification rules based on said signature profiles [column 3, line 65 - 
column 4, line 8]; 

receiving data packets transmitted on the network [column 6, lines 60-68]; 

classifying data packets having corresponding classification rules according to said 
generated classification rules [column 6, line 57 - column 7, line 10]; 

forwarding said classified packets to a signature engine for comparison with signature 
profiles [column 6, lines 63 - column 7, lines 5 and column 7, lines 11-21]. 

10. As per claims 3-9, Vaidya further teaches classifying said packets according to at least 
one packet field into groups [column 9, lines 46-61 and column 7, lines 2-21]. 

11. As per claims 10, 11, 13 and 14, Vaidya further teaches performing a table lookup to 
select an action to be performed on said packet based on its classification [column 7, lines 2-11 
and column 9, lines 27-35]. 

12. As per claims 15 and 16, Vaidya further teaches partitioning signatures into disjoint 
groups to define subsets of signature profiles [column 6, lines 27-42]. 

13. As per claims 17-19, Vaidya further teaches filtering received packets and capturing 
packets at a network analysis device [column 8, lines 40-55]. 

14. Claims 20-29 are rejected under 35 U.S.C. 102(e) as being anticipated by Copeland, III 
US Pub. 2002/0144156 A1 (hereinafter Copeland). 

15. As per claim 20, Copeland teaches an intrusion detection system comprising: 

A signature classifier comprising a first stage classifier operable to classify packets 
according to at least one packet field into groups and a second stage classifier operable to 
classify said packets within each of the groups according to a packet type or size [paragraph 
0139, 0140 and 0165]; 

a flow table configured to support table lookups of actions associated with classified 
packets [paragraphs 0148, 0149]; 

a signature database for storing signature profiles identifying patterns associated with 
network intrusion [paragraphs 0020, 0153-0155]; and 

a detection engine operable to perform a table lookup at the flow table select an action 
to be performed on said packet based on its classification, wherein comparing said packets to at 
least a subset of the signature profiles is one of the actions [paragraphs 0157-0159 and 
0163-0165]. 

16. As per claims 21 and 22, Copeland teaches the system further comprising a data 
monitoring device having a capture engine operable to capture data passing through the 
network and configured to monitor network traffic, decode protocols, and analyze received data 
[paragraph 0137]. 

17. As per claim 23, Copeland further teaches a parser operable to parse, generate and 
load signatures at the detection engine [paragraphs 0142-0146]. 

18. As per claim 24, Copeland further teaches the system comprising an alarm manager 
operable to generate alarms [paragraphs 0162-0164]. 

19. As per claims 25 and 26, Copeland further teaches a filter configured to filter out packets 
received at the intrusion detection system [paragraphs 0139-0141]. 

20. As per claim 27, Copeland further teaches the flow table is a hash table [paragraphs 
0149-0150]. 

21. As per claims 28 and 29, Copeland further teaches action options listed in the flow table 
include dropping the packet and generating an alarm [paragraph 0165]. 

Claim Rejections - 35 USC § 103 

22. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

23. Claims 2 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over Vaidya 
US Patent 6,279,113 in view of Copeland US Pub. 2002/0144156 A1. 

24. As per claims 2 and 12, Vaidya teaches the method as applied to claim 1 above. Vaidya 
is silent on the method comprising dropping data packets without corresponding classification 
rules. However, Copeland teaches an intrusion detection system including dropping data 
packets without corresponding classification rules [paragraph 0165]. Both Vaidya and Copeland 
teach a network intrusion detection system. It would have been obvious to one having ordinary 
skill in the art at the time of applicant's invention to employ the teachings of Copeland within the 
system of Vaidya in order to enhance the security of the system. 



Conclusion 



The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. See PTO Form 892. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Beemnet W. Dada whose telephone number is (571) 272-3847. The 
examiner can normally be reached on Monday - Friday (9:00 am - 5:30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



September 16, 2005 



Beemnet Dada 